Home > Endpoint Management > Monitoring and Reporting > Activation Lock for iOS Devices

Activation Lock for iOS Devices

On devices running iOS 7 and higher, Apple included a security feature called Activation Lock, which prompts for iCloud credentials after a device is factory reset if Find my iPhone/iPad is enabled at the time of reset. This makes it difficult for someone to use or sell an iOS device if it is lost or stolen. 

 

The ability to manage the Activation Lock state on iOS devices depends on whether the devices are supervised or unsupervised.  If a device is supervised, administrators can force enable Activation Lock, and clear the Activation Lock state remotely.

Enable Activation Lock 

To enable activation lock on supervised iOS devices:

  1. Go to Manage > Settings and create a "Privacy and Lock" configuration profile 
  2. Check the box for "Allow activation lock"
  3. Scope the configuration profile to the desired tags and save
    clipboard_e293f2c0409bb8635f4aeb7f288ad6a6f.png

Note: For DEP-enrolled devices, Activation Lock is enabled by default.  To prevent devices from requiring a bypass code when they are factory reset, create and appropriately scope a "Privacy and Lock" configuration profile with "Allow activation lock" unchecked before the devices are enrolled.

 

Bypass Activation Lock

Systems Manager has a feature called Activation Lock Bypass to circumvent activation lock. To remotely bypass Activation Lock, the following criteria must be met:

  • The target device must be enrolled in a Systems Manager network
  • The target device is running iOS 7.1 or greater
  • The device must be supervised, using Apple Configurator or Apple's DEP
  • Find My iPhone/iPad must be enabled using an iCloud account or via MDM


Once these prerequisites are met, the Activation Lock Bypass tools will appear under the MDM commands section of the client details page.

Note: The device must be supervised and enrolled in Systems Manager prior to Find my iPad/iPhone being enabled.

clipboard_e53c70325f00e23f3bcfb088516505ed7.png

 

The Disable activation lock command automatically releases the iOS device from an activation locked state using the last known bypass code(s). It may be necessary to tap Back on the device before being able to proceed with activation if the device is already factory reset.

 

The Show bypass code command reveals the unique activation lock bypass code received by Cisco Meraki from Apple. If the device has already been factory reset and reactivated, at the Activate iPhone/iPad screen, administrators can manually enter the bypass code (without dashes) in the password field and leave the Apple ID field blank

 

clipboard_ebcbd7b3bed76d626f1a2e14c52ea0a48.png

Last modified

Tags

Classifications

This page has no classifications.

Explore the Product

Click to Learn More

Article ID

ID: 1231

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community